APPLE-SA-2009-06-08-1

SUSE-SR:2011:002

54975

35379

43068

http://support.apple.com/kb/HT3613

35260

USN-857-1

ADV-2009-1522

ADV-2011-0212

safari-document-information-disclosure(51267)

Various bugs in webkit have been fixed. The CVE id's are :

CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040

Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2009-0945     Array index error in the insertItemBefore method in     WebKit, as used in qt4-x11, allows remote attackers to     execute arbitrary code.

  - CVE-2009-1687     The JavaScript garbage collector in WebKit, as used in     qt4-x11 does not properly handle allocation failures,     which allows remote attackers to execute arbitrary code     or cause a denial of service (memory corruption and     application crash) via a crafted HTML document that     triggers write access to an 'offset of a NULL pointer.

  - CVE-2009-1690     Use-after-free vulnerability in WebKit, as used in     qt4-x11, allows remote attackers to execute arbitrary     code or cause a denial of service (memory corruption and     application crash) by setting an unspecified property of     an HTML tag that causes child elements to be freed and     later accessed when an HTML error occurs.

  - CVE-2009-1698     WebKit in qt4-x11 does not initialize a pointer during     handling of a Cascading Style Sheets (CSS) attr function     call with a large numerical argument, which allows     remote attackers to execute arbitrary code or cause a     denial of service (memory corruption and application     crash) via a crafted HTML document.

  - CVE-2009-1699     The XSL stylesheet implementation in WebKit, as used in     qt4-x11 does not properly handle XML external entities,     which allows remote attackers to read arbitrary files     via a crafted DTD.

  - CVE-2009-1711     WebKit in qt4-x11 does not properly initialize memory     for Attr DOM objects, which allows remote attackers to     execute arbitrary code or cause a denial of service     (application crash) via a crafted HTML document.

  - CVE-2009-1712     WebKit in qt4-x11 does not prevent remote loading of     local Java applets, which allows remote attackers to     execute arbitrary code, gain privileges, or obtain     sensitive information via an APPLET or OBJECT element.

  - CVE-2009-1713     The XSLT functionality in WebKit, as used in qt4-x11     does not properly implement the document function, which     allows remote attackers to read arbitrary local files     and files from different security zones.

  - CVE-2009-1725     WebKit in qt4-x11 does not properly handle numeric     character references, which allows remote attackers to     execute arbitrary code or cause a denial of service     (memory corruption and application crash) via a crafted     HTML document.

  - CVE-2009-2700     qt4-x11 does not properly handle a '\0' character in a     domain name in the Subject Alternative Name field of an     X.509 certificate, which allows man-in-the-middle     attackers to spoof arbitrary SSL servers via a crafted     certificate issued by a legitimate Certification     Authority.

The oldstable distribution (etch) is not affected by these problems.

It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program.
(CVE-2009-0945)

Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725)

It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. (CVE-2009-1699, CVE-2009-1713)

It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Safari installed on the remote Windows host is earlier than 4.0.  It therefore is potentially affected by numerous issues in the following components :

  - CFNetwork
  - CoreGraphics
  - ImageIO
  - International Components for Unicode
  - libxml
  - Safari
  - Safari Windows Installer
  - WebKit

The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.  As such, it is potentially affected by numerous issues in the following components :

  - CFNetwork
  - libxml
  - Safari
  - WebKit

The version of Safari installed on the remote host is earlier than 4.0. Such versions are potentially affected by numerous issues in the following components : 

  - CFNetwork

  - CoreGraphics

  - ImageIO

  - International Components for Unicode

  - libxml

  - Safari

  - Safari Windows Installer

  - WebKit

ID	Name	Product	Family	Severity
75629	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
53764	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
44852	Debian DSA-1988-1 : qt4-x11 - several vulnerabilities	Nessus	Debian Local Security Checks	high
42467	Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)	Nessus	Ubuntu Local Security Checks	high
39339	Safari < 4.0 Multiple Vulnerabilities	Nessus	Windows	high
39338	Mac OS X : Apple Safari < 4.0	Nessus	MacOS X Local Security Checks	high
5046	Safari < 4.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
800993	Safari < 4.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high

CVE-2009-1713

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins